A short survey of log collection options and why you picked the wrong one. 😜
I'm Steve Coffman and I work at Ithaka. We do JStor (academic journals) and other stuff. How big is it?
Number | what it means |
---|---|
101,332,633 | unique visitors in 2017 |
# IMPORTANT! | |
# This gist has been transformed into a github repo | |
# You can find the most recent version there: | |
# https://github.com/Neo23x0/auditd | |
# ___ ___ __ __ | |
# / | __ ______/ (_) /_____/ / | |
# / /| |/ / / / __ / / __/ __ / | |
# / ___ / /_/ / /_/ / / /_/ /_/ / | |
# /_/ |_\__,_/\__,_/_/\__/\__,_/ |
#!/bin/bash | |
set -euo pipefail | |
openssl req -new -text -passout pass:abcd -subj /CN=localhost -out server.req -keyout privkey.pem | |
openssl rsa -in privkey.pem -passin pass:abcd -out server.key | |
openssl req -x509 -in server.req -text -key server.key -out server.crt | |
chmod 600 server.key | |
test $(uname -s) = Linux && chown 70 server.key | |
docker run -d --name postgres -e POSTGRES_HOST_AUTH_METHOD=trust -v "$(pwd)/server.crt:/var/lib/postgresql/server.crt:ro" -v "$(pwd)/server.key:/var/lib/postgresql/server.key:ro" postgres:12-alpine -c ssl=on -c ssl_cert_file=/var/lib/postgresql/server.crt -c ssl_key_file=/var/lib/postgresql/server.key |
GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.
You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.
$ python githubcloner.py --org organization -o /tmp/output
Kong, Traefik, Caddy, Linkerd, Fabio, Vulcand, and Netflix Zuul seem to be the most common in microservice proxy/gateway solutions. Kubernetes Ingress is often a simple Ngnix, which is difficult to separate the popularity from other things.
This is just a picture of this link from March 2, 2019
Originally, I had included some other solution
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).update: A minor variant of the viru
Neither JOSE users nor JOSE library designers should be required to understand cryptography primitives. At a lower level, this can lead to badly implemented primitives. On a higher level, this can lead to reasoning by lego.
I screwed up using git ("git checkout --" on the wrong file) and managed to delete the code I had just written... but it was still running in a process in a docker container. Here's how I got it back, using https://pypi.python.org/pypi/pyrasite/ and https://pypi.python.org/pypi/uncompyle6
apt-get update && apt-get install gdb
# Get-SystemDriver requires the ConfigCI module on Win10 Enterprise | |
# This will collect all signer information for all PEs in C:\ | |
# This will take a while!!! | |
$Signers = Get-SystemDriver -ScanPath C:\ -UserPEs | |
# Associate the subject name of each certificate to the file/signer info | |
# so we can correlate the two. | |
$CertSubjectMapping = $Signers | % { | |
$Signer = $_ |
//sample: 1554e74b935a61d446cb634f80d7d1e200e864bc | |
//posted by @JohnLaTwC | |
// Also see research by Sudeep Singh, Yin Hong Chang @ https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html | |
----------------------------------------------- macro ---------------------------------- | |
Private Sub Workbook_Open() | |
Call doom_Init | |
Call doom_ShowHideSheets | |
End Sub |